WO2011001630A1 - Data exchange processing device and data exchange processing method - Google Patents
Data exchange processing device and data exchange processing method Download PDFInfo
- Publication number
- WO2011001630A1 WO2011001630A1 PCT/JP2010/004169 JP2010004169W WO2011001630A1 WO 2011001630 A1 WO2011001630 A1 WO 2011001630A1 JP 2010004169 W JP2010004169 W JP 2010004169W WO 2011001630 A1 WO2011001630 A1 WO 2011001630A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- unit
- device list
- unauthorized device
- processing
- unauthorized
- Prior art date
Links
- 238000012545 processing Methods 0.000 title claims abstract description 170
- 238000003672 processing method Methods 0.000 title claims description 5
- 238000000034 method Methods 0.000 claims description 92
- 230000008569 process Effects 0.000 claims description 87
- 238000012795 verification Methods 0.000 claims description 38
- 238000001514 detection method Methods 0.000 claims 1
- 238000010200 validation analysis Methods 0.000 abstract 3
- 238000004891 communication Methods 0.000 description 21
- 230000005540 biological transmission Effects 0.000 description 14
- 238000010586 diagram Methods 0.000 description 13
- 230000006870 function Effects 0.000 description 13
- 238000004364 calculation method Methods 0.000 description 12
- 238000004590 computer program Methods 0.000 description 5
- 238000005516 engineering process Methods 0.000 description 5
- 230000003111 delayed effect Effects 0.000 description 4
- 230000002452 interceptive effect Effects 0.000 description 4
- 238000004422 calculation algorithm Methods 0.000 description 3
- 239000000470 constituent Substances 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004044 response Effects 0.000 description 2
- 230000007704 transition Effects 0.000 description 2
- 230000008859 change Effects 0.000 description 1
- 238000006243 chemical reaction Methods 0.000 description 1
- 230000010365 information processing Effects 0.000 description 1
- 230000010354 integration Effects 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N7/00—Television systems
- H04N7/16—Analogue secrecy systems; Analogue subscription systems
- H04N7/167—Systems rendering the television signal unintelligible and subsequently intelligible
- H04N7/1675—Providing digital key or authorisation information for generation or regeneration of the scrambling sequence
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/101—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM] by binding digital rights to specific entities
- G06F21/1012—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM] by binding digital rights to specific entities to domains
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/20—Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
- H04N21/25—Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
- H04N21/258—Client or end-user data management, e.g. managing client capabilities, user preferences or demographics, processing of multiple end-users preferences to derive collaborative data
- H04N21/25808—Management of client data
- H04N21/2585—Generation of a revocation list, e.g. of client devices involved in piracy acts
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/41—Structure of client; Structure of client peripherals
- H04N21/422—Input-only peripherals, i.e. input devices connected to specially adapted client devices, e.g. global positioning system [GPS]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/41—Structure of client; Structure of client peripherals
- H04N21/426—Internal components of the client ; Characteristics thereof
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/43—Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
- H04N21/442—Monitoring of processes or resources, e.g. detecting the failure of a recording device, monitoring the downstream bandwidth, the number of times a movie has been viewed, the storage space available from the internal hard disk
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/45—Management operations performed by the client for facilitating the reception of or the interaction with the content or administrating data related to the end-user or to the client device itself, e.g. learning user preferences for recommending movies, resolving scheduling conflicts
- H04N21/458—Scheduling content for creating a personalised stream, e.g. by combining a locally stored advertisement with an incoming stream; Updating operations, e.g. for OS modules ; time-related management operations
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/45—Management operations performed by the client for facilitating the reception of or the interaction with the content or administrating data related to the end-user or to the client device itself, e.g. learning user preferences for recommending movies, resolving scheduling conflicts
- H04N21/462—Content or additional data management, e.g. creating a master electronic program guide from data received from the Internet and a Head-end, controlling the complexity of a video stream by scaling the resolution or bit-rate based on the client capabilities
- H04N21/4623—Processing of entitlement messages, e.g. ECM [Entitlement Control Message] or EMM [Entitlement Management Message]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N7/00—Television systems
- H04N7/16—Analogue secrecy systems; Analogue subscription systems
- H04N7/173—Analogue secrecy systems; Analogue subscription systems with two-way working, e.g. subscriber sending a programme selection signal
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/60—Digital content management, e.g. content distribution
- H04L2209/603—Digital right managament [DRM]
Definitions
- the present invention relates to a technology for exchanging an unauthorized device list of a digital device between devices.
- content includes content that requires copyright protection, such as new movies and pay TV programs.
- content is encrypted and transmitted to a network. This technology is standardized by DTCP-IP (Digital Transmission Content Protection over Internet Protocol).
- DTCP-IP has an AKE (Authentication and Key Exchange) authentication key exchange function and a key revocation function.
- AKE Authentication and Key Exchange
- key revocation function a key revocation function
- each digital device holds a list in which unauthorized devices are registered (hereinafter referred to as “illegal device list”).
- a technology for preventing unauthorized devices from transmitting and receiving content is defined.
- the unauthorized device list is issued to each digital device from DTLA (Digital Transmission Licensing Administrator).
- DTLA Digital Transmission Licensing Administrator
- DTLA updates the unauthorized device list, so a newly manufactured digital device may have a new updated unauthorized device list.
- each digital device exchanges the information of the unauthorized device list held by itself when it transmits and receives content, and the digital device holding the newer unauthorized device list exchanges the new device with the new device list.
- the unauthorized device list is received, and the old unauthorized device list held by the own device is updated.
- Patent Document 1 discloses a technology for constantly updating the unauthorized device list of the entire topology to the latest using topology connection information.
- Streaming processing and unauthorized device list update processing are performed using a single cryptographic engine unit. Therefore, if the unauthorized device list update processing starts during streaming processing, playback on the playback device is delayed and playback is performed. There is a problem that the quality deteriorates. Specifically, the user is given the impression that “waiting for playback”.
- the present invention has been made in view of the above-described problems, and controls the update timing of an unauthorized device list to perform an update processing of an unauthorized device list without interfering with streaming processing and data exchange
- An object is to provide a processing method.
- the present invention is a data exchange processing device that eliminates unauthorized devices using a fraudulent device list and transmits / receives content, and includes a cryptographic engine unit that performs cryptographic processing and verification processing, Stream control means for outputting content while performing encryption processing of the content using the encryption engine unit, unauthorized device list update means for verifying an unauthorized device list using the encryption engine unit, and meta data related to the content State management means for outputting a notice of permission to the unauthorized device list updating means when detecting a section where the cryptographic processing load of the cryptographic engine unit is smaller than other sections using the information and the processing position by the stream control means And the unauthorized device list update means receives the permission notification from the state management means, and Characterized by starting the verification process Revocation List with Gin portion.
- the illegal device list verification process is started during the streaming process because the verification process of the illegal device list is started aiming at the section where the cryptographic processing load of the cryptographic engine unit is small. Even in this case, high reproduction quality can be maintained without interfering with the streaming process.
- FIG. 1 is a diagram illustrating a configuration of a network system 1.
- FIG. 2 is a functional block diagram showing a configuration of a client device 10.
- FIG. It is a figure which shows the format of an unauthorized device list.
- 2 is a diagram illustrating a configuration of a cryptographic engine unit 107.
- FIG. It is a figure which shows the specific example of hard resource management information.
- 5 is a flowchart showing the operation of an unauthorized device list update unit 105.
- 5 is a flowchart showing the operation of the state management unit 107. It is a state transition diagram of the stream control unit 103a, the unauthorized device list update unit 105, and the state management unit 107. It is a figure which shows the specific example of meta information.
- FIG. 3 is a functional block diagram showing a configuration of a server device 20.
- FIG. FIG. 14 is a sequence diagram for explaining streaming processing and unauthorized device list update processing by the client device 10 and the server device 20 using a specific example, and is continued from FIG. 13.
- FIG. 13 is a sequence diagram for explaining the streaming processing and unauthorized device list update processing by the client device 10 and the server device 20 using a specific example, and continues from FIG. 12.
- a data exchange processing device is a data exchange processing device that uses a fraudulent device list to exclude unauthorized devices and transmits / receives content, and includes a cryptographic engine unit that performs cryptographic processing and verification processing Stream control means for outputting the content while performing encryption processing of the content using the encryption engine unit, unauthorized device list update means for verifying the unauthorized device list using the encryption engine unit, and the content
- a cryptographic engine unit that performs cryptographic processing and verification processing
- unauthorized device list update means for verifying the unauthorized device list using the encryption engine unit
- the content A state in which permission notification is output to the unauthorized device list update unit when a section where the cryptographic processing load of the cryptographic engine unit is smaller than other sections is detected using the meta information and the processing position by the stream control unit Management means, and when the unauthorized device list update means receives the permission notification from the state management means, Characterized by starting the verification process of the unauthorized device list using the encryption engine unit.
- the cryptographic processing performed by the cryptographic engine unit refers to decryption processing of the encrypted content.
- the encryption processing performed by the encryption engine unit indicates content encryption processing.
- the meta information includes copy control information indicating whether or not copyright protection is performed for a plurality of partial contents constituting the content
- the state management means includes: Using the copy control information and the processing position by the stream control means, detecting a partial content that does not require copyright protection as a section where the cryptographic processing load of the cryptographic engine unit is smaller than other sections, the unauthorized device A notification of permission is output to the list update means.
- the copyright-protected partial content needs to be encrypted on the server device side and decrypted on the client device side. That is, cryptographic processing by the cryptographic engine unit is required.
- partial content that does not require copyright protection does not need to be encrypted on the server device side and does not need to be decrypted on the client device side. That is, cryptographic processing by the cryptographic engine unit is unnecessary.
- the illegal device list verification process is executed, so that even if an illegal device list update process occurs during the streaming process, the streaming process is obstructed. In this way, it is possible to update the unauthorized device list while maintaining high reproduction quality.
- the “streaming process” means a process of sequentially encrypting partial contents and transmitting them to the client apparatus.
- the partial contents are sequentially received and decrypted. To play.
- the meta information includes section information about a plurality of partial contents constituting the content
- the state management means includes the section information and the stream control means.
- the section information is information indicating the amount of data included in each partial content, the number of frames, the processing time of each partial content, the reproduction time, and the like. Therefore, when the section information and the processing position are used, the end point of the streaming process can be known.
- the unauthorized device list update unit is notified of the use permission when the processing of the last partial content by the stream control unit is completed, the unauthorized device list verification process is performed when the stream control unit does not use the cryptographic engine unit Therefore, the unauthorized device list can be updated while maintaining high reproduction quality without interfering with the streaming processing.
- the state management means includes: When the cryptographic engine unit is not used by the stream control unit, the permission notification is output to the unauthorized device list update unit, and when the use request of the cryptographic engine unit by the stream control unit is received, the unauthorized device list
- the use of the cryptographic engine unit by the updating means is interrupted, and the processing by the stream control means is prioritized.
- a data exchange processing device comprising holding means for holding a fraudulent device list, wherein the fraudulent device list update means is the other data exchange processing device acquired from another data exchange processing device.
- a determination unit that determines whether to update the unauthorized device list held by the holding unit based on version information and generation information of the unauthorized device list held by the
- An acquisition unit that acquires an unauthorized device list for update from the data exchange processing apparatus, and when the permission notification is received from the state management unit, the validity of the unauthorized device list for update is determined using the cryptographic engine unit
- the verification unit that requests the verification processing and the unauthorized device list that is held in the holding unit when the validity of the unauthorized device list for update is recognized , Characterized in that it comprises an update unit substituting the Revocation List for the update.
- the version information and the generation information are used to determine whether the unauthorized device list is new or old, it is possible to introduce a new unauthorized device list for both version and generation.
- the size of the unauthorized device list in accordance with the size of the holding means constituted by a nonvolatile memory.
- the CPU processing time occupied by the unauthorized device list update process can be reduced.
- FIG. 1 is a diagram showing a configuration of a network system 1 in the embodiment of the present invention.
- the network system 1 includes a plurality of client devices 10, 11,..., 12 and a plurality of server devices 20, 21,.
- Each client device and each server device are devices having a communication function, and can be connected to each other via the network 30.
- Each server device holds one or more contents.
- the server device performs streaming transmission of the requested content, and the client device performs streaming reproduction of the content.
- each client device and each server device include TV home appliances such as televisions, video players, and recording devices, information processing devices such as personal computers and workstations, digital cameras, video cameras, mobile phones, and portable video players. It is a portable information terminal such as a machine.
- the network 30 uses a wired line, a wireless line, IEEE1394, USB, or a combination thereof.
- a communication protocol TCP, RTP, HTTP, FTP, or the like is used. It is assumed that each client device and each server device is assigned an IP address as address information indicating a position on the network.
- the address information is not limited to the IP address, and other information such as a telephone number may be used.
- each of the client device and the server device always operates as a client device, and is not limited to always operating as a server device, but the client device may operate as a server device according to the function to be executed.
- the server device may operate as a client device.
- the client device 10 acquires management information (hereinafter referred to as “meta information”) including copy control information related to the content from the server device 20.
- meta information management information
- the client device 10 and the server device 20 execute an authentication key exchange process. Further, during the authentication key exchange process, the client device 10 and the server device 20 transmit the generation and version number of the unauthorized device list held by the own device to the counterpart device.
- the client device 10 and the server device 20 compare the generation and version number of the unauthorized device list held by the own device with the generation and version number of the unauthorized device list held by the counterpart device, and the new unauthorized device list
- the device holding the device transmits the unauthorized device list to the device holding the old unauthorized device list.
- the client device 10 has received a new unauthorized device list from the server device 20.
- the client device 10 does not immediately start the unauthorized device list update process.
- the client device 10 When the client device 10 acquires the exchange key, the client device 10 starts streaming reproduction, receives stream data (packet data) sequentially transmitted from the server device 20, decodes it, and reproduces it.
- stream data packet data
- the client device 10 uses the meta information and the playback position to find a timing that does not interfere with the streaming process, and performs an unauthorized device list update process.
- the packet data for which “NO MORE COPY” is set is data that requires copyright protection, and is transmitted after being encrypted by the server device 20, and therefore needs to be decrypted by the client device 10.
- FIG. 2 is a block diagram illustrating the configuration of the client device 10.
- the client device 10 includes a data exchange processing device 100a and a playback device 200 according to the present invention.
- the data exchange processing device 100a includes a communication unit 101, an authentication key exchange processing unit 102, a stream control unit 103a, an unauthorized device list storage unit 104, an unauthorized device list update unit 105, a cryptographic engine unit 106, and a state management unit 107.
- the communication unit 101 includes a communication unit 101, an authentication key exchange processing unit 102, a stream control unit 103a, an unauthorized device list storage unit 104, an unauthorized device list update unit 105, a cryptographic engine unit 106, and a state management unit 107.
- the playback device 200 includes a display unit and the like, and displays AV data output from the stream control unit 103a on the display unit.
- the communication unit 101 transmits / receives data to / from a server device connected via the network 30. Specifically, the communication unit 101 notifies the received data to the authentication key exchange processing unit 102 and the stream control unit 103a which are network applications corresponding to the designated port. The communication unit 101 receives a data transmission request from the authentication key exchange processing unit 102 and the stream control unit 103 a and transmits data addressed to the server device via the network 30.
- (2) Authentication key exchange processing unit 102 The authentication key exchange processing unit 102 notifies the communication unit 101 of an authentication key exchange execution request, and transmits authentication key exchange data to the server device via the communication unit 101 to start the authentication key exchange process. The authentication key exchange processing unit 102 receives authentication key exchange data from the server device via the communication unit 101.
- the authentication key exchange processing unit 102 notifies the state management unit 107 of a use request for the hardware resource of the cryptographic engine unit 106 before starting the authentication key exchange processing. Thereafter, the authentication key exchange processing unit 102 receives a use permission notification including information for identifying the hard resource of the cryptographic engine unit 106 from the state management unit 107, and starts the authentication key exchange processing.
- the authentication key exchange processing unit 102 performs authentication key exchange by exchanging a challenge command, a response command, and an exchange key command with the server device via the communication unit 101.
- the stream control unit 103a is notified of the completion of the authentication key exchange.
- the authentication key exchange processing unit 102 after the completion of the authentication key exchange processing, includes an unauthorized device list comparison request including the generation and version number of the unauthorized device list included in the challenge command and the response command and identification information that can identify the authentication key exchange processing. To the unauthorized device list update unit 105. Thereafter, the authentication key exchange processing unit 102 acquires a comparison result from the unauthorized device list update unit 105 to determine whether or not an unauthorized device list update process is necessary.
- the comparison result received from the unauthorized device list update unit 105 by the authentication key exchange processing unit 102 is any of transmission / reception unnecessary (same value), unauthorized device list transmission (new), and unauthorized device list reception (old).
- the authentication key exchange processing unit 102 acquires the unauthorized device list stored in the unauthorized device list storage unit 104 from the unauthorized device list update unit 105, and transmits the communication unit 101.
- the unauthorized device list is transmitted.
- the authentication key exchange processing unit 102 receives the exchange command including the unauthorized device list data via the communication unit 101. Upon receiving the exchange command, the authentication key exchange processing unit 102 notifies the unauthorized device list update unit 105 of an unauthorized device list update request including the received unauthorized device list data and identification information for identifying authentication key exchange.
- the authentication key exchange processing unit 102 upon receiving the authentication key exchange end request, notifies the state management unit 107 of a discard request and releases the hard resources.
- (3) Stream control unit 103a When the stream control unit 103 a receives an exchange key exchange completion notification including exchange key information from the authentication key exchange processing unit 102, the stream control unit 103 a requests the communication unit 101 to obtain a content and meta information corresponding to the content. Thereafter, the stream control unit 103a receives content and meta information. The stream control unit 103a notifies the state management unit 107 of a use request for the hardware resource of the cryptographic engine unit 106 before starting the content reproduction process.
- the stream control unit 103a is a hardware resource provided in the later-described cryptographic engine unit 106, AES128.
- the CBC unit 113 is used to decrypt the encrypted packet data.
- the stream control unit 103 a registers the received meta information in the state management unit 107.
- the stream control unit 103a When the stream control unit 103a receives the use permission notification including the hard resource identification information from the state management unit 107, the stream control unit 103a starts the content reproduction process.
- the stream control unit 103a acquires key information from the header information of the content received from the communication unit 101. Then, using the key information and the exchange key information received from the authentication key exchange processing unit 102, a decryption key (content key) for decrypting the content is generated.
- the stream control unit 103a sequentially decrypts the content sent from the server device using the decryption key, and outputs the content to the playback device 200.
- the stream control unit 103a transmits position information including the hard resource identification information and the content reproduction position to the state management unit 107 at regular time intervals while reproducing the content, and notifies the content reproduction status.
- the unauthorized device list storage unit 104 includes a memory management unit and a nonvolatile memory.
- the non-volatile memory stores an unauthorized device list.
- the unauthorized device list storage unit 104 reads the unauthorized device list from the nonvolatile memory via the memory management unit.
- the unauthorized device list storage unit 104 receives new unauthorized device list data from the unauthorized device list update unit 105, the unauthorized device list storage unit 104 stores the data at a specified address via the memory management unit.
- the unauthorized device list 150 includes, as header information, a type 151 (4 bits), a generation 152 (4 bits), a reserved area 153 (8 bits), a version number 154 (16 bits), and a size 156. (16 bits) and a list 157 in which IDs of unauthorized devices are described and a DTLA signature 158 (320 bits) as body information.
- the change of the format of the unauthorized device list according to the DTCP standard is managed by the information described in the generation 152.
- the larger generation 152 number is a newer format illegal device list. For example, in the case of the first generation unauthorized device list, “0” is described in the generation 152, and in the case of the second generation unauthorized device list, “1” is described in the generation 152.
- the generation 152 is associated with the size of the nonvolatile memory. If the information described in the generation 152 is viewed, the size of the non-volatile memory of the digital device holding the unauthorized device list can be determined.
- the version number 154 is information that is incremented every time DTLA issues an unauthorized device list.
- the version number 154 is handled as information lower than the generation 152.
- the list 157 is a main content of the unauthorized device list 150, which describes the IDs of devices that DTLA recognizes as unauthorized devices.
- Each server device and each client device checks whether or not the ID of the authentication key exchange request source device is listed in the list 157 in the authentication key exchange process.
- the DTLA signature 158 is used to prove that the unauthorized device list 150 is officially issued by DTLA.
- Unauthorized device list update unit 105 The unauthorized device list update unit 105 is activated by the authentication key exchange processing unit 102. The unauthorized device list update unit 105 performs verification processing of the DTLA signature included in the unauthorized device list using an ellipse operation unit 114 that is a hard resource provided in the cryptographic engine unit 106 described later.
- the unauthorized device list update unit 105 acquires from the authentication key exchange processing unit 102 an unauthorized device list comparison request including the generation and version number of the unauthorized device list held by the server device and authentication key exchange identification information (step S1). ).
- the unauthorized device list update unit 105 When the unauthorized device list update unit 105 receives the unauthorized device list comparison request, the unauthorized device list update unit 105 acquires the generation and version number of the unauthorized device list from the unauthorized device list storage unit 104, and the unauthorized device list is stored in the server device. Compare with the list to determine whether it is new, old, or equivalent. Specifically, both generations and version numbers are compared (step S2). Then, the unauthorized device list update unit 105 notifies the authentication key exchange processing unit 102 of the comparison result. In the present embodiment, when at least one of the generation and version number of its own unauthorized device list is old, it is necessary to update the unauthorized device list.
- the unauthorized device list update unit 105 discards the information received from the authentication key exchange processing unit 102 when the comparison result is the same value (“same” in step S2).
- the unauthorized device list update unit 105 reads the unauthorized device list from the unauthorized device list storage unit 104 (step S3). Then, the unauthorized device list update unit 105 notifies the state management unit 107 of a hardware resource use request (step S4). Thereafter, processing by the state management unit 107 is performed (step S5), and upon receiving a use permission notification including hard resource identification information from the state management unit 107, the unauthorized device list update unit 105 receives the unauthorized device list and hard resource identification information. Is sent to the cryptographic engine unit 106, and signature verification processing of the DTLA signature is performed (step S6).
- the unauthorized device list update unit 105 converts the unauthorized device list based on the generation and version number of the unauthorized device list of the server device.
- the unauthorized device list update unit 105 performs a size conversion process for matching the converted unauthorized device list with the size of the nonvolatile memory of the server device (step S8). Thereafter, the unauthorized device list update unit 105 notifies the authentication key exchange processing unit 102 of the unauthorized device list, and transmits the unauthorized device list via the authentication key exchange processing unit 102 (step S9).
- the unauthorized device list update unit 105 ends the unauthorized device list update process.
- the unauthorized device list update unit 105 receives the unauthorized device list of the server device via the authentication key exchange processing unit 102 (step S10).
- the unauthorized device list update unit 105 notifies the state management unit 107 of a hardware resource use request (step S11). Thereafter, processing by the state management unit 107 is performed (step S12), and when the use permission notification including the hard resource identification information is received from the state management unit 107, the unauthorized device list update unit 105 receives the unauthorized device list and the hard resource identification information. Is sent to the cryptographic engine unit 106, and signature verification processing of the DTLA signature is performed (step S13).
- the unauthorized device list update unit 105 writes the verified unauthorized device list in the unauthorized device list storage unit 104 (step S15).
- the unauthorized device list update unit 105 discards the unauthorized device list received from the server device (step S16) and ends the unauthorized device list update process. To do.
- the unauthorized device list update unit 105 When the update processing of the unauthorized device list is completed, the unauthorized device list update unit 105 notifies the status management unit 107 of a discard request and releases the hardware resources.
- the cryptographic engine unit 106 is a secure unit composed of a tamper resistant chip.
- the cryptographic engine unit 106 includes a secure I / F 111, a control unit 112, an AES128 / CBC unit 113, and an ellipse calculation unit 114, as shown in FIG.
- the AES128 / CBC unit 113 is a hard resource to which the identification information 0001 is assigned, and performs an encryption process and a decryption process using an AES128 / CBC algorithm. Specifically, decryption processing of encrypted packet data is performed.
- the ellipse calculation unit 114 is a hardware resource to which identification information 0002 is assigned, and performs signature generation processing and signature verification processing using an EC-DSA algorithm. Specifically, the verification process of the DTLA signature included in the unauthorized device list is performed.
- control unit 112 When the control unit 112 receives a hardware resource use request from the state management unit 107 via the secure I / F 111, the control unit 112 notifies the identification information corresponding to each hardware resource. In addition, when receiving a hardware resource discard request from the state management unit 107, the control unit 112 releases the corresponding hard resource. Further, the control unit 112 notifies the status management unit 107 of the processing status of each hard resource.
- the cryptographic engine unit 106 Since the cryptographic engine unit 106 includes confidential information used for decryption processing and signature verification processing, and it is necessary to ensure strong security, data transmission / reception with the outside is performed only via the secure I / F 111. It can be carried out. Data is transmitted and received in a time division manner on the transmission path between the outside and the secure I / F 111, and a DTLA signature verification process by the unauthorized device list update unit 105 occurs during the stream data decoding process by the stream control unit 103a. The stream data decoding process is delayed, and the transfer of AV data to the playback apparatus 200 is delayed.
- the state management unit 107 determines whether or not the ellipse operation unit 114 can be used by the unauthorized device list update unit 105. It is controlled to notify the use permission of 114. (7) State management unit 107 The state management unit 107 manages the use state of the hardware resources of the cryptographic engine unit 106 by the authentication key exchange processing unit 102, the stream control unit 103a, and the unauthorized device list update unit 105.
- the state management unit 107 receives a use request notification for the hardware resource of the cryptographic engine unit 106 from the authentication key exchange processing unit 102, the stream control unit 103a, and the unauthorized device list update unit 105, the hardware management information Is generated.
- Fig. 5 shows a specific example of hardware resource management information.
- the first line of the hard resource management information 160 is information generated when the use request notification is received from the stream control unit 103a, and the second line is when the use request notification is received from the unauthorized device list update unit 105. It is the information generated in Each information includes an ID, a hard resource ID, a function, and a state.
- ID is information generated by the state management unit 107 itself when the state management unit 107 receives a use request notification from the authentication key exchange processing unit 102, the stream control unit 103a, and the unauthorized device list update unit 105.
- the hardware resource ID is identification information of the hardware resource obtained when the hardware resource of the cryptographic engine unit 106 is acquired.
- the function is a function used by the hardware resource.
- the function types include AES128 / CBC encryption, AES128 / CBC decryption, elliptic operation verification, and elliptic operation signature.
- Status indicates the usage status of the function of the hardware resource.
- Types of states include ACTIVE, WAIT, and TERMINATE.
- the status management unit 107 When the status management unit 107 receives the processing status information including the hard resource identification information from the cryptographic engine unit 106, the status management unit 107 updates the “status” column of the corresponding hard resource management information.
- the state management unit 107 releases the hard resource acquired from the cryptographic engine unit 106 and responds to it. Erase hard resource management information.
- the state management unit 107 When the hardware resource release process is completed, the state management unit 107 notifies the authentication key exchange processing unit 102, the stream control unit 103a, and the unauthorized device list update unit 105 that have notified the discard request of the completion of the discard of the hard resource.
- the status management unit 107 When the status management unit 107 receives the use request notification from the authentication key exchange processing unit 102, the stream control unit 103a, and the unauthorized device list update unit 105, the status management unit 107 refers to the hardware resource management information and permits use of the requested hardware resource. judge. When the requested hard resource is in a usable state, the state management unit 107 notifies the authentication key exchange processing unit 102, the stream control unit 103, and the unauthorized device list update unit 105 that have notified the use request.
- the state management unit 107 receives the meta information from the stream control unit 103a and stores it therein. Further, in the state management unit 107, the stream control unit 103a receives position information including the content reproduction position from the content. Meta information progress information is generated using the meta information stored inside and the received position information. The meta information progress information includes copy control information of packet data scheduled to be processed next by the stream control unit 103a.
- the status management unit 107 When the status management unit 107 receives the hardware resource use request from the unauthorized device list update unit 105, the status management unit 107 notifies the unauthorized device list update unit 105 of the use permission of the hardware resource using the hardware resource management information and the meta information progress information. Determine timing.
- step S5 and step S12 in FIG. 7 are the details of step S5 and step S12 in FIG.
- the state management unit 107 Upon receiving the use request notification (step S21), the state management unit 107 generates hardware resource management information corresponding to the unauthorized device list update unit 105 (step S22). Then, the state management unit 107 confirms the hardware resource usage status of the cryptographic engine unit 106 (step S23).
- step S23 it is determined whether or not ACTIVE is described in the “status” column of the hardware resource management information corresponding to the stream control unit 103a.
- step S24 If it is not ACTIVE (NO in step S24), the state management unit 107 proceeds to step S30.
- the state management unit 107 acquires the position information transmitted from the stream control unit 103a (step S25), and generates meta information progress information from the meta information and the position information ( Step S26).
- the state management unit 107 determines whether or not the reproduction position section state described in the meta information progress information generated in step S26 is “copy free”.
- step S27 If the copy is free (YES in step S27), the process proceeds to step S30. If the copy is not free (NO in step S27), it is determined whether or not the reproduction of the content is complete. Specifically, it is determined whether or not the playback position section state described in the meta information progress information generated in step S26 is “0”.
- step S28 If the content reproduction has ended (YES in step S28), the process proceeds to step S30. If the reproduction of the content is not finished (NO in step S28), the process returns to step S25 to continue the process.
- the stream control unit 103a When the hardware resource usage state of the stream control unit 103a is not “ACTIVE”, the stream control unit 103a does not use the hardware resource of the cryptographic engine unit 106. Further, when the reproduction position section state of the meta information progress information is “copy free”, since the packet data need not be decrypted, the stream control unit 103a does not use the hardware resource of the encryption engine unit 106. In addition, even when the content reproduction ends, the stream control unit 103a does not use the hardware resources of the cryptographic engine unit 106.
- the state management unit 107 notifies the unauthorized device list update unit 105 of permission to use the hard resource (step S29).
- ⁇ Hard resource management by the state management unit 107> Next, hardware resource management by the state management unit 107 will be described with reference to FIGS.
- FIG. 8 is a diagram illustrating state transitions of the stream control unit 103a, the state management unit 107, and the unauthorized device list update unit 105.
- copy control information of the packet data to be played back is NMC, NMC, NMC, CF, NMC, and NMC in order from the top of the content. “NMC” indicates no more copy, and “CF” indicates copy free.
- the stream control unit 103a When the reproduction process is started, the stream control unit 103a notifies the state management unit 107 of the position information 1 to 6 including the reproduction position at a predetermined time interval.
- the state management unit 107 generates meta information progress information using the meta information stored therein and the received position information each time the position information 1 to 6 is received.
- the state management unit 107 displays the meta information 170 shown in FIG. Information progress information 180 is generated.
- the meta information progress information 180 indicates that the copy position information of the packet data to be reproduced next is set to NMC because the reproduction position section information is NMC.
- the state management unit 107 when the position information 3 is received, the state management unit 107 generates meta information progress information 190 shown in FIG. Since the reproduction position section information is CF, the meta information progress information 190 indicates that copy control information for the next packet data to be reproduced is set to CF.
- the state management unit 107 When the position information 6 is received, the state management unit 107 generates meta information progress information 210 shown in FIG. Since the reproduction section position information is 0, the meta information progress information 210 indicates that there is no packet data to be reproduced next, and the content reproduction process ends.
- the state management unit 107 Since the position information 1 to 6 includes the reproduction position, the state management unit 107 looks at the reproduction position and the section information described in the meta information 170, and the stream control unit 103a processes what number of packet data at present. You can know what you are doing. Then, the state management unit 107 acquires the copy control information of the packet data scheduled to be processed next from the meta information 170 and sets it in the reproduction section position information of the meta information progress information.
- the state management unit 107 knows that the stream control unit 103a is currently processing the third packet data. Since the copy control information of the fourth packet data to be processed next is CF, the state management unit 107 sets the reproduction section position information of the meta information progress information to “CF”.
- the state management unit 107 knows that the stream control unit 103a is currently processing the sixth packet data. Since there is no packet data to be processed next, the state management unit 107 sets the reproduction section position information of the meta information progress information to “0”.
- the unauthorized device list update unit 105 When the unauthorized device list update unit 105 receives a notification of permission for use, the unauthorized device list update unit 105 performs a DTLA signature verification process.
- FIG. 11 is a block diagram illustrating a configuration of the server device 20.
- the server device 20 includes a data exchange processing device 100b and a content storage unit 300 according to the present invention.
- the data exchange processing device 100b includes a communication unit 101, an authentication key exchange processing unit 102, a stream control unit 103b, an unauthorized device list storage unit 104, an unauthorized device list update unit 105, a cryptographic engine unit 106, and a state management unit 107.
- the communication unit 101 includes a communication unit 101, an authentication key exchange processing unit 102, a stream control unit 103b, an unauthorized device list storage unit 104, an unauthorized device list update unit 105, a cryptographic engine unit 106, and a state management unit 107.
- the content storage unit 300 is composed of a hard disk drive or the like, and stores one or more contents and meta information corresponding to each content.
- the content is a movie, music, computer program, computer game, photograph, text data, or the like.
- the same reference numerals as those in FIG. 2 are used for constituent elements of the data exchange processing device 100b that have the same functions as those of the data exchange processing device 100a of the client device 10.
- description of components having the same reference numerals is omitted, and only the stream control unit 103b is described.
- the stream control unit 103b acquires the meta information corresponding to the content from the content storage unit 300, and transmits the meta information to the client device via the communication unit 101. Send.
- the stream control unit 103 b acquires the exchange key information from the authentication key exchange processing unit 102, and sends the encryption engine unit 106 to the state management unit 107. Notification of usage request for hard resources.
- the stream control unit 103b reads the content from the content storage unit 300.
- the stream control unit 103b acquires key information from the header information of the content. Then, an encryption key (content key) for encrypting the content is generated using the key information and the exchange key information received from the authentication key exchange processing unit 102. Then, the stream control unit 103b divides the content into packet data, encrypts it, and sequentially transmits it to the client device via the communication unit 101.
- an encryption key content key
- the stream control unit 103b divides the content into packet data, encrypts it, and sequentially transmits it to the client device via the communication unit 101.
- the stream control unit 103b transmits the packet data in which the copy control information is set to CF to the client device 10 in plain text without being encrypted.
- the partial content whose copy control information is set to NMC is encrypted and transmitted to the client apparatus 10.
- the stream control unit 103b notifies the state management unit 107 of a request for discarding the hard resource.
- the client device 10 receives and reproduces the content packet data, whereas the server device 20 encrypts and transmits the content packet data. Therefore, the state management unit 107 of the server device 20 generates meta information progress information using the meta information and the processing position when the stream control unit 103b performs the streaming process using the cryptographic engine unit 106. . Then, using the meta information progress information, when the stream control unit 103b processes the packet data in which the copy control information is set to CF (copy free), the unauthorized device list update unit 105 is permitted to use the hard resource. To be notified.
- FIGS. 12 and 13 are sequence diagrams relating to the unauthorized device list update process in the client device 10 and the server device 20.
- the user operates an operation unit (not shown) of the client device 10 to instruct reproduction of content.
- the client device 10 executes an application having a content reproduction function.
- the client device 10 requests the server device 20 holding the content via the network 30 to exchange an authentication key.
- the server device 20 performs an authentication key exchange process between the authentication key exchange processing unit 102 of the client device 10 and the authentication key exchange processing unit 102 of the server device 20 (step S101).
- the client device 10 acquires exchange key information during the authentication key exchange process, and notifies the stream control unit 103a of the exchange key information. Further, the client device 10 and the server device 20 exchange the generation and version number of the unauthorized device list during the authentication key exchange process.
- the client device 10 requests meta information from the server device 20 via the network 30.
- the server device 20 transmits the meta information to the client device 10 (step S102).
- the client device 10 registers the meta information in the state management unit 107 (step S103).
- the stream control unit 103a of the client device 10 transmits a streaming request to the server device 20 via the network 30, and the stream control unit 103b of the server device 20 receives the streaming request (step S104).
- the stream control unit 103b transmits packet data (DATA1) of content corresponding to the streaming request to the stream control unit 103a, and the stream control unit 103a receives DATA1 (step S105).
- DATA1 transmitted / received in step S105 is encrypted with copy control information set to NMC. Therefore, the stream control unit 103a reproduces the AV data while decoding the received DATA1 (step S106).
- the unauthorized device list update unit 105 of the client device 10 and the unauthorized device list update unit 105 of the server device 20 perform new / old determination processing of the unauthorized device list held by the own device (step S107 and step S108). .
- the unauthorized device list of the server device 20 is new.
- the execution order may be changed.
- the server device 20 If the server device 20 is determined to be the unauthorized device list transmission side in step S108, the server device 20 reads the unauthorized device list from the unauthorized device list storage unit 104, and the generation of the unauthorized device list of the client device 10 acquired during the authentication key exchange process. Based on the above, the size of the unauthorized device list is converted (step S109). Then, the unauthorized device list is transmitted to the client device 10 via the authentication key exchange processing unit 102, and the client device 10 receives the unauthorized device list (step S110).
- the authentication key exchange processing unit 102 of the client device 10 Upon receiving the unauthorized device list, the authentication key exchange processing unit 102 of the client device 10 notifies the unauthorized device list update unit 105 of an unauthorized device list update request (step S111), and the unauthorized device list update unit 105 receives the status management unit. The hardware resource use request is notified to 107.
- the unauthorized device list update processing and the streaming processing are operating in parallel.
- step S106 the streaming process is continued.
- the server device 20 transmits packet data (DATA2) following DATA1 to the client device 10, and the client device 10 receives DATA2 (step S112). Since DATA2 is encrypted, the stream control unit 103a reproduces AV data while decrypting the received DATA2 (step S113).
- the server device 20 transmits packet data (DATA3) following DATA2 to the client device 10, and the client device 10 receives DATA3 (step S114). Since DATA3 is encrypted, the stream control unit 103a reproduces AV data while decrypting the received DATA3 (step S114).
- the state management unit 107 of the client device 10 generates meta information progress information using the meta information and the position information registered in step S103 every time the position information is received from the stream control unit 103a.
- the packet data (DATA 4) to be acquired next is a section in which the copy control information is set to CF (copy free) and the decoding process is unnecessary. Therefore, the state management unit 107 determines that the DTLA signature verification process included in the unauthorized device list update process is shorter than the DATA4 process, and notifies the unauthorized device list update unit 105 of the permission to use the hardware resource (step). S116).
- the server device 20 transmits packet data (DATA4) following DATA3 to the client device 10, and the client device 10 receives DATA4 (step S117). Since DATA4 is not encrypted, the stream control unit 103a reproduces the received DATA4 (step S118).
- the unauthorized device list update unit 105 executes an unauthorized device list update process (step S119), and writes the unauthorized device list in the unauthorized device list storage unit 104 (step S120).
- the streaming process continues after step S118.
- the server device 20 transmits packet data (DATA5) following DATA4 to the client device 10, and the client device 10 receives DATA5 (step S121).
- the stream control unit 103a reproduces AV data while decoding the received DATA5 (step S122).
- the server device 20 transmits packet data (DATA6) following DATA5 to the client device 10, and the client device 10 receives DATA6 (step S123).
- the stream control unit 103a reproduces AV data while decoding the received DATA6 (step S124).
- the cryptographic engine unit 106 includes two hardware resources, the AES128 / CBC unit 113 and the ellipse calculation unit 114.
- the cryptographic engine unit of the present invention is not limited to this, and hardware resources corresponding to other encryption algorithms may be mounted.
- the present invention is not limited to this, and when the unauthorized device list for update is acquired before the streaming process is started, the update processing of the unauthorized device list may be started prior to the streaming process. It is included in the present invention.
- the state management unit 107 knows that the cryptographic engine unit 106 is not used by the stream control units 103a and 103b. Therefore, in this case, the hardware resource usage permission may be notified to the unauthorized device list update unit 105 that has notified the hardware resource usage request.
- the state management unit 107 causes the cryptographic engine unit 106 to stream the stream. Control may be performed so that the control units 103a and 103b are used preferentially.
- the status management unit 107 confirms the current usage status of the cryptographic engine unit 106 using the hardware resource management information.
- the unauthorized device list update unit 105 uses the cryptographic engine unit 106, the unauthorized device list update unit 105 requests the unauthorized device list update unit 105 to interrupt the signature verification process.
- the ellipse calculation unit 114 may temporarily save the calculation result held in the register in a memory (not shown).
- the unauthorized device list update unit 105 temporarily interrupts the signature verification process when requested to interrupt the signature verification process. Thereafter, the state management unit 107 notifies the stream control units 103a and 103b of permission to use the hard resource.
- the state management unit 107 may perform control as described in the above embodiment.
- the status management unit 107 generates meta information progress information from the meta information and the position information, and the stream control units 103a and 103b perform the copy-free packet data at the timing of processing by the unauthorized device list update unit 105. Control to restart the signature verification process. If there is no copy-free packet data, control is performed so that the signature verification process by the unauthorized device list update unit 105 is resumed when the streaming process is completed.
- the timing for notifying the unauthorized device list update unit 105 of the use permission is controlled using the meta information progress information.
- the timing which notifies use permission with respect to an unauthorized device list update part is controlled using hard resource management information and meta-information progress information.
- the AES128 / CBC unit 113 and the ellipse calculation unit 114 of the cryptographic engine unit 106 may perform processing in parallel.
- the state management unit 107 may determine permission to use the hard resource by using the number of simultaneous processing of hard resources and the hard resource bandwidth information in addition to the meta information progress information and the hard resource management information.
- the state management unit 107 stores in advance hardware resource bandwidth information including a bandwidth necessary for the streaming process and a bandwidth necessary for the DTLA signature verification process. Furthermore, the state management unit 107 manages the bandwidth currently in use. When the use request is notified from the unauthorized device list management unit 105, the state management unit 107 uses the hard resource bandwidth information and the currently used bandwidth to the unauthorized device list update unit 105. Thus, it is determined whether or not the use of the ellipse calculation unit 114 is permitted.
- the state management unit 107 does not notify the unauthorized device list update unit 105 of permission to use when the streaming process is delayed. Even if it is done, if there is no delay in the streaming process, the unauthorized device list update unit 105 is notified of permission to use.
- the above embodiment has described a specific example in which an unauthorized device list is transmitted and received between a client device and a server device connected to the network 30 that is a home network.
- the present invention is not limited to the case where the unauthorized device list is transmitted and received between the client device and the server device, and includes, for example, the following cases.
- a DTLA operation server managed by DTLA is installed on a network such as the Internet.
- the DTLA operation server manages a new unauthorized device list distributed by DTLA.
- Each digital device (client device and server device in the embodiment) receives and updates a new unauthorized device list from the DTLA operation server via the network.
- the DTLA may store and distribute a new unauthorized device list in a portable medium.
- a new unauthorized device list may be stored and sold on a DVD-ROM or BD-ROM, which is a commercial medium in which movie content is stored.
- the client device and server device in the above embodiment are computer systems that include a microprocessor, ROM, RAM, HDD, and the like.
- a computer program is recorded in the HDD or ROM, and the client device and the server device achieve various functions by the microprocessor executing the computer program using the working RAM.
- the computer program is configured by combining a plurality of instruction codes indicating instructions for the computer in order to achieve a predetermined function.
- the components of the client device and the server device may be configured by a single system LSI (Large Scale Integration).
- the system LSI is a super multifunctional LSI manufactured by integrating a plurality of components on one chip, and specifically, a computer system including a microprocessor, a ROM, a RAM, and the like. .
- each part of the constituent elements constituting the client device and the server device may be individually made into one chip, or may be made into one chip so as to include a part or all of them.
- the present invention may be the method described above. Further, the present invention may be a computer program that realizes these methods by a computer, or a computer-readable recording medium such as a flexible disk, hard disk, CD-ROM, MO, DVD, DVD-ROM, DVD -It may be recorded on a RAM, a BD (Blu-ray Disc), a semiconductor memory, or the like. (6) The above embodiment and the above modifications may be combined.
- the present invention can be used as a mechanism for executing an unauthorized device list update process while maintaining high reproduction quality during a streaming process in an industry that manufactures and sells a data exchange processing device compliant with the DTCP-IP standard.
- Network system 10 1, 12 Client device 20, 21, 22 Server device 30
- Network 100 A Data exchange processing device 100b Data exchange processing device 101
- Communication unit 102 Authentication key exchange processing unit 103a Stream control unit 103b Stream control unit 104
- Unauthorized device list Storage unit 105
- Unauthorized device list update unit 106
- Cryptographic engine unit 107
- State management unit 200 Playback device 300 Content storage unit
Abstract
Description
前記ストリーム制御手段により前記暗号エンジン部が使用されていない場合、前記不正機器リスト更新手段へ前記許可通知を出力し、前記ストリーム制御手段による前記暗号エンジン部の使用要求を受け付けると、前記不正機器リスト更新手段による前記暗号エンジン部の使用を中断させて、前記ストリーム制御手段による処理を優先させることを特徴とする。 In the data exchange processing device according to the fourth aspect of the present invention, the state management means includes:
When the cryptographic engine unit is not used by the stream control unit, the permission notification is output to the unauthorized device list update unit, and when the use request of the cryptographic engine unit by the stream control unit is received, the unauthorized device list The use of the cryptographic engine unit by the updating means is interrupted, and the processing by the stream control means is prioritized.
<システムの概要>
図1は、本発明の実施の形態におけるネットワークシステム1の構成を示す図である。同図に示すように、ネットワークシステム1は、複数のクライアント装置10、11、・・・、12と、複数のサーバ装置20、21、・・・、22とを含んで構成される。各クライアント装置および各サーバ装置は、通信機能を有する装置であって、ネットワーク30を介して相互に接続可能である。 Hereinafter, embodiments of the present invention will be described with reference to the drawings.
<System overview>
FIG. 1 is a diagram showing a configuration of a
<ストリーミング再生の概要>
ここでは、クライアント装置10が、サーバ装置20の保持するコンテンツをストリーミング再生しながら、不正機器リストを更新するときの手順を簡単に説明する。 In addition, each of the client device and the server device always operates as a client device, and is not limited to always operating as a server device, but the client device may operate as a server device according to the function to be executed. The server device may operate as a client device.
<Overview of streaming playback>
Here, a procedure when the
<クライアント装置10>
図2は、クライアント装置10の構成を示すブロック図である。 The packet data set to “copy-free” is data that does not require copyright protection, and is transmitted without being encrypted, so that decryption processing is not necessary in the
<
FIG. 2 is a block diagram illustrating the configuration of the
(1)通信部101
通信部101は、ネットワーク30を介して接続されているサーバ装置との間でデータの送受信を行う。具体的には、通信部101は、指定されたポートに対応したネットワークアプリケーションである認証鍵交換処理部102およびストリーム制御部103aに受信データを通知する。また、通信部101は、認証鍵交換処理部102およびストリーム制御部103aからデータ送信要求を受け付け、サーバ装置宛てのデータを、ネットワーク30を介して送信する。
(2)認証鍵交換処理部102
認証鍵交換処理部102は、通信部101へ認証鍵交換実行要求を通知し、通信部101を介してサーバ装置へ認証鍵交換のデータを送信することにより認証鍵交換処理を開始する。認証鍵交換処理部102は、通信部101を介してサーバ装置から認証鍵交換のデータを受け取る。 Hereinafter, details of the data
(1)
The
(2) Authentication key
The authentication key
(3)ストリーム制御部103a
ストリーム制御部103aは、認証鍵交換処理部102から、交換鍵情報を含む交換鍵交換完了通知を受け取ると、コンテンツおよび当該コンテンツに対応したメタ情報の取得要求を通信部101に依頼する。その後、ストリーム制御部103aは、コンテンツおよびメタ情報を受け取る。ストリーム制御部103aは、コンテンツの再生処理を開始する前に、状態管理部107へ暗号エンジン部106のハードリソースに対する使用要求を通知する。ストリーム制御部103aは、後述する暗号エンジン部106に備えられたハードリソースであるAES128.CBC部113を用いて、暗号化されているパケットデータの復号処理を行う。 Further, upon receiving the authentication key exchange end request, the authentication key
(3)
When the
(4)不正機器リスト記憶部104
不正機器リスト記憶部104は、メモリ管理部および不揮発メモリから構成される。不揮発性メモリには、不正機器リストが格納されている。不正機器リスト記憶部104は、不正機器リスト更新部105から要求されると、メモリ管理部を介して、不揮発性メモリから不正機器リストを読み出す。また、不正機器リスト記憶部104は、不正機器リスト更新部105から新たな不正機器リストのデータを受け取ると、メモリ管理部を介して、指定アドレスへデータを格納する。 When the reproduction of the content is completed, the
(4) Unauthorized device
The unauthorized device
(5)不正機器リスト更新部105
不正機器リスト更新部105は、認証鍵交換処理部102により起動される。不正機器リスト更新部105は、後述する暗号エンジン部106に備えられたハードリソースである楕円演算部114を用いて、不正機器リストに含まれるDTLA署名の検証処理を行う。 The
(5) Unauthorized device
The unauthorized device
(6)暗号エンジン部106
暗号エンジン部106は、耐タンパー化されたチップで構成されるセキュアユニットである。暗号エンジン部106は、図4に示すように、セキュアI/F111、制御部112、AES128・CBC部113、および楕円演算部114から構成される。 Note that “processing by the state management unit” in steps S5 and S12 will be described in detail in the description of the
(6)
The
(7)状態管理部107
状態管理部107は、認証鍵交換処理部102、ストリーム制御部103a、および不正機器リスト更新部105による暗号エンジン部106のハードリソースの使用状態を管理する。 Therefore, the state management unit 107 (to be described later) determines whether or not the
(7)
The
<状態管理部107によるハードリソース管理>
次に、状態管理部107によるハードリソース管理について、図8~図10を用いて説明する。 Therefore, the
<Hard resource management by the
Next, hardware resource management by the
<サーバ装置20の構成>
図11は、サーバ装置20の構成を示すブロック図である。 When the DTLA signature verification process ends, the unauthorized device
<Configuration of
FIG. 11 is a block diagram illustrating a configuration of the
<システムのシーケンス図>
図12および図13は、クライアント装置10およびサーバ装置20における不正機器リスト更新処理に関するシーケンス図である。 The
<System sequence diagram>
FIGS. 12 and 13 are sequence diagrams relating to the unauthorized device list update process in the
<その他の変形例>
本発明を上記の実施形態に基づき説明してきたが、本発明は、上記の実施形態に得限定されないのは勿論であり、以下のような場合も本発明に含まれる。
(1)上記の実施形態では、暗号エンジン部106は、ハードリソースとして、AES128・CBC部113および楕円演算部114の2つを搭載している。しかし、本発明の暗号エンジン部はこれに限定されず、さらに他の暗号化アルゴリズムに対応したハードリソースを搭載していてもよい。
(2)上記の実施形態では、例えば図12に記載したように、サーバ装置とクライアント装置とによるストリーミング処理が開始された後に、不正機器リストの更新処理を開始している。 The
<Other variations>
Although the present invention has been described based on the above-described embodiments, the present invention is not limited to the above-described embodiments, and the following cases are also included in the present invention.
(1) In the above embodiment, the
(2) In the above-described embodiment, for example, as illustrated in FIG. 12, after the streaming processing by the server device and the client device is started, the unauthorized device list update processing is started.
(3)上記の実施形態では、メタ情報進捗情報を用いて、不正機器リスト更新部105に対して使用許可を通知するタイミングを制御している。また、上記の変形例(2)では、ハードリソース管理情報およびメタ情報進捗情報を用いて、不正機器リスト更新部に対して使用許可を通知するタイミングを制御している。 In other words, the
(3) In the above embodiment, the timing for notifying the unauthorized device
(4)上記の実施形態は、ホームネットワークであるネットワーク30に接続されたクライアント装置とサーバ装置との間で、不正機器リストの送受信を行う具体例を説明した。 If the
(4) The above embodiment has described a specific example in which an unauthorized device list is transmitted and received between a client device and a server device connected to the
(a)インターネットなどのネットワーク上にDTLAが管理するDTLA運用サーバを設置する。DTLA運用サーバは、DTLAが配布する新たな不正機器リストを管理している。各デジタル機器(実施形態におけるクライアント装置およびサーバ装置)は、ネットワークを介してDTLA運用サーバから新たな不正機器リストを受信して更新する。
(b)また、DTLAが、新たな不正機器リストを可搬型のメディアに格納して配布してもよい。たとえば、映画コンテンツが格納されている商用メディアであるDVD-ROMやBD-ROMに、新たな不正機器リストを格納して販売してもよい。そして、各デジタル機器は、当該メディアが挿入されと、自機が保持している不正機器リストとメディアに格納されている不正機器リストの新旧を判定して、自機が保持する不正機器リストが古い場合には、メディアから新たな不正機器リストを読み出して、更新するとしてもよい。
(5)上記の実施形態におけるクライアント装置およびサーバ装置は、マイクロプロセッサ、ROM、RAM、HDDなどを備えるコンピュータシステムである。HDDまたはROMには、コンピュータプログラムが記録されており、マイクロプロセッサが作業用のRAMを用いてコンピュータプログラムを実行することにより、クライアント装置およびサーバ装置は、各種の機能を達成する。ここで、コンピュータプログラムは、所定の機能を達成するために、コンピュータに対する指令を示す命令コードが複数個組み合わされて構成されたものである。 The present invention is not limited to the case where the unauthorized device list is transmitted and received between the client device and the server device, and includes, for example, the following cases.
(A) A DTLA operation server managed by DTLA is installed on a network such as the Internet. The DTLA operation server manages a new unauthorized device list distributed by DTLA. Each digital device (client device and server device in the embodiment) receives and updates a new unauthorized device list from the DTLA operation server via the network.
(B) The DTLA may store and distribute a new unauthorized device list in a portable medium. For example, a new unauthorized device list may be stored and sold on a DVD-ROM or BD-ROM, which is a commercial medium in which movie content is stored. Each digital device, when the media is inserted, judges whether the unauthorized device list held by the device and the unauthorized device list stored on the media are new or old, and the unauthorized device list held by the device If it is old, a new unauthorized device list may be read from the media and updated.
(5) The client device and server device in the above embodiment are computer systems that include a microprocessor, ROM, RAM, HDD, and the like. A computer program is recorded in the HDD or ROM, and the client device and the server device achieve various functions by the microprocessor executing the computer program using the working RAM. Here, the computer program is configured by combining a plurality of instruction codes indicating instructions for the computer in order to achieve a predetermined function.
(6)上記実施の形態及び上記変形例をそれぞれ組み合わせるとしてもよい。 Further, the present invention may be the method described above. Further, the present invention may be a computer program that realizes these methods by a computer, or a computer-readable recording medium such as a flexible disk, hard disk, CD-ROM, MO, DVD, DVD-ROM, DVD -It may be recorded on a RAM, a BD (Blu-ray Disc), a semiconductor memory, or the like.
(6) The above embodiment and the above modifications may be combined.
10、11、12 クライアント装置
20、21、22 サーバ装置
30 ネットワーク
100a データ交換処理装置
100b データ交換処理装置
101 通信部
102 認証鍵交換処理部
103a ストリーム制御部
103b ストリーム制御部
104 不正機器リスト記憶部
105 不正機器リスト更新部
106 暗号エンジン部
107 状態管理部
200 再生装置
300 コンテンツ格納部 1
Claims (6)
- 不正機器リストを用いて不正な機器を排除し、コンテンツを送受信するデータ交換処理装置であって、
暗号処理および検証処理を行う暗号エンジン部と、
前記暗号エンジン部を用いてコンテンツの暗号処理を行いながらコンテンツを出力するストリーム制御手段と、
前記暗号エンジン部を用いて不正機器リストの検証処理を行う不正機器リスト更新手段と、
前記コンテンツに係るメタ情報と前記ストリーム制御手段による処理位置とを用いて、前記暗号エンジン部の暗号処理の負荷が他の区間よりも小さい区間を検出すると、前記不正機器リスト更新手段へ許可通知を出力する状態管理手段とを備え、
前記不正機器リスト更新手段は、前記状態管理手段から前記許可通知を受け取ると、前記暗号エンジン部を用いた不正機器リストの検証処理を開始する
ことを特徴とするデータ交換処理装置。 A data exchange processing device that eliminates unauthorized devices using an unauthorized device list and transmits / receives content,
A cryptographic engine unit for performing cryptographic processing and verification processing;
Stream control means for outputting content while performing encryption processing of the content using the cryptographic engine unit;
Unauthorized device list update means for verifying the unauthorized device list using the cryptographic engine unit;
When detecting a section where the cryptographic processing load of the cryptographic engine unit is smaller than other sections using the meta information related to the content and the processing position by the stream control means, a notification of permission is sent to the unauthorized device list update means. A state management means for outputting,
When the unauthorized device list update unit receives the permission notice from the state management unit, the unauthorized device list update unit starts verification processing of the unauthorized device list using the cryptographic engine unit. - 前記メタ情報は、前記コンテンツを構成する複数の部分コンテンツについての著作権保護の有無を示すコピー制御情報を含み、
前記状態管理手段は、前記コピー制御情報と前記ストリーム制御手段による処理位置とを用いて、前記暗号エンジン部の暗号処理の負荷が他の区間よりも小さい区間として著作権保護が不要な部分コンテンツを検出すると、前記不正機器リスト更新手段へ許可通知を出力する
ことを特徴とする請求項1に記載のデータ交換処理装置。 The meta information includes copy control information indicating the presence or absence of copyright protection for a plurality of partial contents constituting the content,
The state management means uses the copy control information and the processing position by the stream control means to generate a partial content that does not require copyright protection as a section in which the cryptographic processing load of the cryptographic engine unit is smaller than other sections. The data exchange processing device according to claim 1, wherein upon detection, a permission notice is output to the unauthorized device list update means. - 前記メタ情報は、前記コンテンツを構成する複数の部分コンテンツについての区間情報を含み、
前記状態管理手段は、前記区間情報と前記ストリーム制御手段による処理位置とを用いて、前記暗号エンジン部の暗号処理の負荷が他の区間よりも小さい区間として前記コンテンツの終了時点を検出すると、前記不正機器リスト更新手段へ許可通知を出力する
ことを特徴とする請求項1に記載のデータ交換処理装置。 The meta-information includes section information about a plurality of partial contents constituting the content,
When the state management unit detects the end time of the content as a section where the cryptographic processing load of the cryptographic engine unit is smaller than other sections using the section information and the processing position by the stream control unit, The data exchange processing device according to claim 1, wherein a permission notice is output to the unauthorized device list update means. - 前記状態管理手段は、
前記ストリーム制御手段により前記暗号エンジン部が使用されていない場合、前記不正機器リスト更新手段へ前記許可通知を出力し、
前記ストリーム制御手段による前記暗号エンジン部の使用要求を受け付けると、前記不正機器リスト更新手段による前記暗号エンジン部の使用を中断させて、前記ストリーム制御手段による処理を優先させる
ことを特徴とする請求項1に記載のデータ交換処理装置。 The state management means includes
If the cryptographic engine unit is not used by the stream control means, the permission notice is output to the unauthorized device list update means,
The use of the cryptographic engine unit by the unauthorized device list update unit is interrupted when the use request of the cryptographic engine unit by the stream control unit is received, and the processing by the stream control unit is given priority. The data exchange processing device according to 1. - 前記データ交換処理装置は、
不正機器リストを保持する保持手段を備え、
前記不正機器リスト更新手段は、
他のデータ交換処理装置から取得した当該他のデータ交換処理装置が保持している不正機器リストのバージョン情報および世代情報に基づいて、前記保持手段が保持する前記不正機器リストを更新するか否かを判断する判断部と、
更新すると判断した場合に、前記他のデータ交換処理装置から更新用の不正機器リストを取得する取得部と、
前記状態管理手段から前記許可通知を受け取ると、前記暗号エンジン部を用いて前記更新用の不正機器リストの正当性を判断する前記検証処理を依頼する検証部と、
前記更新用の不正機器リストの正当性が認められると、前記保持手段に保持されている前記不正機器リストを、前記更新用の不正機器リストに置き換える更新部とを含む
ことを特徴とする請求項1に記載のデータ交換処理装置。 The data exchange processing device
A holding means for holding the unauthorized device list is provided.
The unauthorized device list update means includes:
Whether to update the unauthorized device list held by the holding unit based on version information and generation information of the unauthorized device list held by the other data exchange processing device acquired from the other data exchange processing device A determination unit for determining
When it is determined to update, an acquisition unit that acquires an unauthorized device list for update from the other data exchange processing device;
Upon receipt of the permission notification from the state management means, a verification unit that requests the verification process to determine the validity of the unauthorized device list for update using the cryptographic engine unit;
An update unit that replaces the unauthorized device list held in the holding unit with the updated unauthorized device list when the validity of the updated unauthorized device list is recognized. The data exchange processing device according to 1. - 不正機器リストを用いて不正な機器を排除し、コンテンツを送受信するデータ交換処理装置で用いられるデータ交換処理方法であって、
前記データ交換処理装置は、
暗号処理および検証処理を行う暗号エンジン部を備え、
前記データ交換処理方法は、
前記暗号エンジン部を用いてコンテンツの暗号処理を行いながらコンテンツを出力するストリーム制御ステップと、
前記暗号エンジン部を用いて不正機器リストの検証処理を行う不正機器リスト更新ステップと、
前記コンテンツに係るメタ情報と前記ストリーム制御手段による処理位置とを用いて、前記暗号エンジン部の暗号処理の負荷が他の区間よりも小さい区間を検出すると、前記不正機器リスト更新手段へ許可通知を出力する状態管理ステップとを備え、
前記不正機器リスト更新ステップは、前記状態管理ステップから前記許可通知を受け取ると、前記暗号エンジン部を用いた不正機器リストの検証処理を開始する
ことを特徴とするデータ交換処理方法。 A data exchange processing method used in a data exchange processing device that uses a fraudulent device list to exclude unauthorized devices and transmits / receives content,
The data exchange processing device
A cryptographic engine unit that performs cryptographic processing and verification processing
The data exchange processing method is:
A stream control step of outputting content while performing encryption processing of the content using the cryptographic engine unit;
An unauthorized device list update step for performing an unauthorized device list verification process using the cryptographic engine unit;
When detecting a section where the cryptographic processing load of the cryptographic engine unit is smaller than other sections using the meta information related to the content and the processing position by the stream control means, a notification of permission is sent to the unauthorized device list update means. A state management step for outputting,
The data exchange processing method, wherein the unauthorized device list update step starts verification processing of the unauthorized device list using the cryptographic engine unit when the permission notification is received from the state management step.
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US13/058,893 US8613100B2 (en) | 2009-06-30 | 2010-06-23 | Data exchange processing apparatus and data exchange processing method |
JP2011520766A JP5457451B2 (en) | 2009-06-30 | 2010-06-23 | Data exchange processing device and data exchange processing method |
CN201080002410.XA CN102132521B (en) | 2009-06-30 | 2010-06-23 | Data exchange processing device and data exchange processing method |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2009-154959 | 2009-06-30 | ||
JP2009154959 | 2009-06-30 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2011001630A1 true WO2011001630A1 (en) | 2011-01-06 |
Family
ID=43410720
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2010/004169 WO2011001630A1 (en) | 2009-06-30 | 2010-06-23 | Data exchange processing device and data exchange processing method |
Country Status (4)
Country | Link |
---|---|
US (1) | US8613100B2 (en) |
JP (1) | JP5457451B2 (en) |
CN (1) | CN102132521B (en) |
WO (1) | WO2011001630A1 (en) |
Families Citing this family (140)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9456054B2 (en) | 2008-05-16 | 2016-09-27 | Palo Alto Research Center Incorporated | Controlling the spread of interests and content in a content centric network |
US8923293B2 (en) | 2009-10-21 | 2014-12-30 | Palo Alto Research Center Incorporated | Adaptive multi-interface use for content networking |
JP2012244477A (en) * | 2011-05-20 | 2012-12-10 | Sony Corp | Communication controller, communication control method, program, and communication system |
US9280546B2 (en) * | 2012-10-31 | 2016-03-08 | Palo Alto Research Center Incorporated | System and method for accessing digital content using a location-independent name |
US9400800B2 (en) | 2012-11-19 | 2016-07-26 | Palo Alto Research Center Incorporated | Data transport by named content synchronization |
US10430839B2 (en) | 2012-12-12 | 2019-10-01 | Cisco Technology, Inc. | Distributed advertisement insertion in content-centric networks |
US9978025B2 (en) | 2013-03-20 | 2018-05-22 | Cisco Technology, Inc. | Ordered-element naming for name-based packet forwarding |
US9935791B2 (en) | 2013-05-20 | 2018-04-03 | Cisco Technology, Inc. | Method and system for name resolution across heterogeneous architectures |
US9185120B2 (en) | 2013-05-23 | 2015-11-10 | Palo Alto Research Center Incorporated | Method and system for mitigating interest flooding attacks in content-centric networks |
US9444722B2 (en) | 2013-08-01 | 2016-09-13 | Palo Alto Research Center Incorporated | Method and apparatus for configuring routing paths in a custodian-based routing architecture |
US9098699B1 (en) * | 2013-09-25 | 2015-08-04 | Emc Corporation | Smart television data sharing to provide security |
US9407549B2 (en) | 2013-10-29 | 2016-08-02 | Palo Alto Research Center Incorporated | System and method for hash-based forwarding of packets with hierarchically structured variable-length identifiers |
US9276840B2 (en) | 2013-10-30 | 2016-03-01 | Palo Alto Research Center Incorporated | Interest messages with a payload for a named data network |
US9282050B2 (en) | 2013-10-30 | 2016-03-08 | Palo Alto Research Center Incorporated | System and method for minimum path MTU discovery in content centric networks |
US9401864B2 (en) | 2013-10-31 | 2016-07-26 | Palo Alto Research Center Incorporated | Express header for packets with hierarchically structured variable-length identifiers |
US9311377B2 (en) | 2013-11-13 | 2016-04-12 | Palo Alto Research Center Incorporated | Method and apparatus for performing server handoff in a name-based content distribution system |
US10129365B2 (en) | 2013-11-13 | 2018-11-13 | Cisco Technology, Inc. | Method and apparatus for pre-fetching remote content based on static and dynamic recommendations |
US10101801B2 (en) | 2013-11-13 | 2018-10-16 | Cisco Technology, Inc. | Method and apparatus for prefetching content in a data stream |
US10089655B2 (en) | 2013-11-27 | 2018-10-02 | Cisco Technology, Inc. | Method and apparatus for scalable data broadcasting |
US9503358B2 (en) | 2013-12-05 | 2016-11-22 | Palo Alto Research Center Incorporated | Distance-based routing in an information-centric network |
US9379979B2 (en) | 2014-01-14 | 2016-06-28 | Palo Alto Research Center Incorporated | Method and apparatus for establishing a virtual interface for a set of mutual-listener devices |
US10172068B2 (en) | 2014-01-22 | 2019-01-01 | Cisco Technology, Inc. | Service-oriented routing in software-defined MANETs |
US10098051B2 (en) | 2014-01-22 | 2018-10-09 | Cisco Technology, Inc. | Gateways and routing in software-defined manets |
US9374304B2 (en) | 2014-01-24 | 2016-06-21 | Palo Alto Research Center Incorporated | End-to end route tracing over a named-data network |
US9531679B2 (en) | 2014-02-06 | 2016-12-27 | Palo Alto Research Center Incorporated | Content-based transport security for distributed producers |
US9954678B2 (en) | 2014-02-06 | 2018-04-24 | Cisco Technology, Inc. | Content-based transport security |
US9678998B2 (en) | 2014-02-28 | 2017-06-13 | Cisco Technology, Inc. | Content name resolution for information centric networking |
US10089651B2 (en) | 2014-03-03 | 2018-10-02 | Cisco Technology, Inc. | Method and apparatus for streaming advertisements in a scalable data broadcasting system |
US9836540B2 (en) | 2014-03-04 | 2017-12-05 | Cisco Technology, Inc. | System and method for direct storage access in a content-centric network |
US9391896B2 (en) | 2014-03-10 | 2016-07-12 | Palo Alto Research Center Incorporated | System and method for packet forwarding using a conjunctive normal form strategy in a content-centric network |
US9626413B2 (en) | 2014-03-10 | 2017-04-18 | Cisco Systems, Inc. | System and method for ranking content popularity in a content-centric network |
US9473405B2 (en) | 2014-03-10 | 2016-10-18 | Palo Alto Research Center Incorporated | Concurrent hashes and sub-hashes on data streams |
US9407432B2 (en) | 2014-03-19 | 2016-08-02 | Palo Alto Research Center Incorporated | System and method for efficient and secure distribution of digital content |
US9916601B2 (en) | 2014-03-21 | 2018-03-13 | Cisco Technology, Inc. | Marketplace for presenting advertisements in a scalable data broadcasting system |
US9363179B2 (en) | 2014-03-26 | 2016-06-07 | Palo Alto Research Center Incorporated | Multi-publisher routing protocol for named data networks |
US9363086B2 (en) | 2014-03-31 | 2016-06-07 | Palo Alto Research Center Incorporated | Aggregate signing of data in content centric networking |
US9716622B2 (en) | 2014-04-01 | 2017-07-25 | Cisco Technology, Inc. | System and method for dynamic name configuration in content-centric networks |
US10075521B2 (en) | 2014-04-07 | 2018-09-11 | Cisco Technology, Inc. | Collection synchronization using equality matched network names |
US9473576B2 (en) | 2014-04-07 | 2016-10-18 | Palo Alto Research Center Incorporated | Service discovery using collection synchronization with exact names |
US9390289B2 (en) | 2014-04-07 | 2016-07-12 | Palo Alto Research Center Incorporated | Secure collection synchronization using matched network names |
US9451032B2 (en) | 2014-04-10 | 2016-09-20 | Palo Alto Research Center Incorporated | System and method for simple service discovery in content-centric networks |
US9203885B2 (en) | 2014-04-28 | 2015-12-01 | Palo Alto Research Center Incorporated | Method and apparatus for exchanging bidirectional streams over a content centric network |
US9992281B2 (en) | 2014-05-01 | 2018-06-05 | Cisco Technology, Inc. | Accountable content stores for information centric networks |
US9609014B2 (en) | 2014-05-22 | 2017-03-28 | Cisco Systems, Inc. | Method and apparatus for preventing insertion of malicious content at a named data network router |
US9455835B2 (en) | 2014-05-23 | 2016-09-27 | Palo Alto Research Center Incorporated | System and method for circular link resolution with hash-based names in content-centric networks |
US9276751B2 (en) | 2014-05-28 | 2016-03-01 | Palo Alto Research Center Incorporated | System and method for circular link resolution with computable hash-based names in content-centric networks |
US9467377B2 (en) | 2014-06-19 | 2016-10-11 | Palo Alto Research Center Incorporated | Associating consumer states with interests in a content-centric network |
US9516144B2 (en) | 2014-06-19 | 2016-12-06 | Palo Alto Research Center Incorporated | Cut-through forwarding of CCNx message fragments with IP encapsulation |
US9537719B2 (en) | 2014-06-19 | 2017-01-03 | Palo Alto Research Center Incorporated | Method and apparatus for deploying a minimal-cost CCN topology |
US9426113B2 (en) | 2014-06-30 | 2016-08-23 | Palo Alto Research Center Incorporated | System and method for managing devices over a content centric network |
US9699198B2 (en) | 2014-07-07 | 2017-07-04 | Cisco Technology, Inc. | System and method for parallel secure content bootstrapping in content-centric networks |
US9621354B2 (en) | 2014-07-17 | 2017-04-11 | Cisco Systems, Inc. | Reconstructable content objects |
US9959156B2 (en) | 2014-07-17 | 2018-05-01 | Cisco Technology, Inc. | Interest return control message |
US9590887B2 (en) | 2014-07-18 | 2017-03-07 | Cisco Systems, Inc. | Method and system for keeping interest alive in a content centric network |
US9729616B2 (en) | 2014-07-18 | 2017-08-08 | Cisco Technology, Inc. | Reputation-based strategy for forwarding and responding to interests over a content centric network |
US9535968B2 (en) | 2014-07-21 | 2017-01-03 | Palo Alto Research Center Incorporated | System for distributing nameless objects using self-certifying names |
US9882964B2 (en) | 2014-08-08 | 2018-01-30 | Cisco Technology, Inc. | Explicit strategy feedback in name-based forwarding |
US9729662B2 (en) | 2014-08-11 | 2017-08-08 | Cisco Technology, Inc. | Probabilistic lazy-forwarding technique without validation in a content centric network |
US9503365B2 (en) | 2014-08-11 | 2016-11-22 | Palo Alto Research Center Incorporated | Reputation-based instruction processing over an information centric network |
US9391777B2 (en) | 2014-08-15 | 2016-07-12 | Palo Alto Research Center Incorporated | System and method for performing key resolution over a content centric network |
US9467492B2 (en) | 2014-08-19 | 2016-10-11 | Palo Alto Research Center Incorporated | System and method for reconstructable all-in-one content stream |
US9800637B2 (en) | 2014-08-19 | 2017-10-24 | Cisco Technology, Inc. | System and method for all-in-one content stream in content-centric networks |
US9497282B2 (en) | 2014-08-27 | 2016-11-15 | Palo Alto Research Center Incorporated | Network coding for content-centric network |
US10204013B2 (en) | 2014-09-03 | 2019-02-12 | Cisco Technology, Inc. | System and method for maintaining a distributed and fault-tolerant state over an information centric network |
US9553812B2 (en) | 2014-09-09 | 2017-01-24 | Palo Alto Research Center Incorporated | Interest keep alives at intermediate routers in a CCN |
US10069933B2 (en) | 2014-10-23 | 2018-09-04 | Cisco Technology, Inc. | System and method for creating virtual interfaces based on network characteristics |
US9590948B2 (en) | 2014-12-15 | 2017-03-07 | Cisco Systems, Inc. | CCN routing using hardware-assisted hash tables |
US9536059B2 (en) | 2014-12-15 | 2017-01-03 | Palo Alto Research Center Incorporated | Method and system for verifying renamed content using manifests in a content centric network |
US10237189B2 (en) | 2014-12-16 | 2019-03-19 | Cisco Technology, Inc. | System and method for distance-based interest forwarding |
US9846881B2 (en) | 2014-12-19 | 2017-12-19 | Palo Alto Research Center Incorporated | Frugal user engagement help systems |
US9473475B2 (en) | 2014-12-22 | 2016-10-18 | Palo Alto Research Center Incorporated | Low-cost authenticated signing delegation in content centric networking |
US10003520B2 (en) | 2014-12-22 | 2018-06-19 | Cisco Technology, Inc. | System and method for efficient name-based content routing using link-state information in information-centric networks |
US9660825B2 (en) | 2014-12-24 | 2017-05-23 | Cisco Technology, Inc. | System and method for multi-source multicasting in content-centric networks |
US9602596B2 (en) | 2015-01-12 | 2017-03-21 | Cisco Systems, Inc. | Peer-to-peer sharing in a content centric network |
US9832291B2 (en) | 2015-01-12 | 2017-11-28 | Cisco Technology, Inc. | Auto-configurable transport stack |
US9954795B2 (en) | 2015-01-12 | 2018-04-24 | Cisco Technology, Inc. | Resource allocation using CCN manifests |
US9946743B2 (en) | 2015-01-12 | 2018-04-17 | Cisco Technology, Inc. | Order encoded manifests in a content centric network |
US9916457B2 (en) | 2015-01-12 | 2018-03-13 | Cisco Technology, Inc. | Decoupled name security binding for CCN objects |
US9462006B2 (en) | 2015-01-21 | 2016-10-04 | Palo Alto Research Center Incorporated | Network-layer application-specific trust model |
US9552493B2 (en) | 2015-02-03 | 2017-01-24 | Palo Alto Research Center Incorporated | Access control framework for information centric networking |
US10333840B2 (en) | 2015-02-06 | 2019-06-25 | Cisco Technology, Inc. | System and method for on-demand content exchange with adaptive naming in information-centric networks |
US10075401B2 (en) | 2015-03-18 | 2018-09-11 | Cisco Technology, Inc. | Pending interest table behavior |
US10116605B2 (en) | 2015-06-22 | 2018-10-30 | Cisco Technology, Inc. | Transport stack name scheme and identity management |
US10075402B2 (en) | 2015-06-24 | 2018-09-11 | Cisco Technology, Inc. | Flexible command and control in content centric networks |
US10728043B2 (en) * | 2015-07-21 | 2020-07-28 | Entrust, Inc. | Method and apparatus for providing secure communication among constrained devices |
US10701038B2 (en) | 2015-07-27 | 2020-06-30 | Cisco Technology, Inc. | Content negotiation in a content centric network |
US9986034B2 (en) | 2015-08-03 | 2018-05-29 | Cisco Technology, Inc. | Transferring state in content centric network stacks |
US10610144B2 (en) | 2015-08-19 | 2020-04-07 | Palo Alto Research Center Incorporated | Interactive remote patient monitoring and condition management intervention system |
US9832123B2 (en) | 2015-09-11 | 2017-11-28 | Cisco Technology, Inc. | Network named fragments in a content centric network |
US10355999B2 (en) | 2015-09-23 | 2019-07-16 | Cisco Technology, Inc. | Flow control with network named fragments |
US9977809B2 (en) | 2015-09-24 | 2018-05-22 | Cisco Technology, Inc. | Information and data framework in a content centric network |
US10313227B2 (en) | 2015-09-24 | 2019-06-04 | Cisco Technology, Inc. | System and method for eliminating undetected interest looping in information-centric networks |
US10454820B2 (en) | 2015-09-29 | 2019-10-22 | Cisco Technology, Inc. | System and method for stateless information-centric networking |
US10263965B2 (en) | 2015-10-16 | 2019-04-16 | Cisco Technology, Inc. | Encrypted CCNx |
US9794238B2 (en) | 2015-10-29 | 2017-10-17 | Cisco Technology, Inc. | System for key exchange in a content centric network |
US9807205B2 (en) | 2015-11-02 | 2017-10-31 | Cisco Technology, Inc. | Header compression for CCN messages using dictionary |
US10009446B2 (en) | 2015-11-02 | 2018-06-26 | Cisco Technology, Inc. | Header compression for CCN messages using dictionary learning |
US10021222B2 (en) | 2015-11-04 | 2018-07-10 | Cisco Technology, Inc. | Bit-aligned header compression for CCN messages using dictionary |
US10097521B2 (en) | 2015-11-20 | 2018-10-09 | Cisco Technology, Inc. | Transparent encryption in a content centric network |
US9912776B2 (en) | 2015-12-02 | 2018-03-06 | Cisco Technology, Inc. | Explicit content deletion commands in a content centric network |
US10097346B2 (en) | 2015-12-09 | 2018-10-09 | Cisco Technology, Inc. | Key catalogs in a content centric network |
US10078062B2 (en) | 2015-12-15 | 2018-09-18 | Palo Alto Research Center Incorporated | Device health estimation by combining contextual information with sensor data |
US10257271B2 (en) | 2016-01-11 | 2019-04-09 | Cisco Technology, Inc. | Chandra-Toueg consensus in a content centric network |
US9949301B2 (en) | 2016-01-20 | 2018-04-17 | Palo Alto Research Center Incorporated | Methods for fast, secure and privacy-friendly internet connection discovery in wireless networks |
US10305864B2 (en) | 2016-01-25 | 2019-05-28 | Cisco Technology, Inc. | Method and system for interest encryption in a content centric network |
US10043016B2 (en) | 2016-02-29 | 2018-08-07 | Cisco Technology, Inc. | Method and system for name encryption agreement in a content centric network |
US10051071B2 (en) | 2016-03-04 | 2018-08-14 | Cisco Technology, Inc. | Method and system for collecting historical network information in a content centric network |
US10038633B2 (en) | 2016-03-04 | 2018-07-31 | Cisco Technology, Inc. | Protocol to query for historical network information in a content centric network |
US10003507B2 (en) | 2016-03-04 | 2018-06-19 | Cisco Technology, Inc. | Transport session state protocol |
US10742596B2 (en) | 2016-03-04 | 2020-08-11 | Cisco Technology, Inc. | Method and system for reducing a collision probability of hash-based names using a publisher identifier |
US9832116B2 (en) | 2016-03-14 | 2017-11-28 | Cisco Technology, Inc. | Adjusting entries in a forwarding information base in a content centric network |
US10212196B2 (en) | 2016-03-16 | 2019-02-19 | Cisco Technology, Inc. | Interface discovery and authentication in a name-based network |
US10067948B2 (en) | 2016-03-18 | 2018-09-04 | Cisco Technology, Inc. | Data deduping in content centric networking manifests |
US11436656B2 (en) | 2016-03-18 | 2022-09-06 | Palo Alto Research Center Incorporated | System and method for a real-time egocentric collaborative filter on large datasets |
US10091330B2 (en) | 2016-03-23 | 2018-10-02 | Cisco Technology, Inc. | Interest scheduling by an information and data framework in a content centric network |
US10033639B2 (en) | 2016-03-25 | 2018-07-24 | Cisco Technology, Inc. | System and method for routing packets in a content centric network using anonymous datagrams |
US10320760B2 (en) | 2016-04-01 | 2019-06-11 | Cisco Technology, Inc. | Method and system for mutating and caching content in a content centric network |
US9930146B2 (en) | 2016-04-04 | 2018-03-27 | Cisco Technology, Inc. | System and method for compressing content centric networking messages |
US10425503B2 (en) | 2016-04-07 | 2019-09-24 | Cisco Technology, Inc. | Shared pending interest table in a content centric network |
US10027578B2 (en) | 2016-04-11 | 2018-07-17 | Cisco Technology, Inc. | Method and system for routable prefix queries in a content centric network |
US10404450B2 (en) | 2016-05-02 | 2019-09-03 | Cisco Technology, Inc. | Schematized access control in a content centric network |
US10320675B2 (en) | 2016-05-04 | 2019-06-11 | Cisco Technology, Inc. | System and method for routing packets in a stateless content centric network |
US10547589B2 (en) | 2016-05-09 | 2020-01-28 | Cisco Technology, Inc. | System for implementing a small computer systems interface protocol over a content centric network |
US10084764B2 (en) | 2016-05-13 | 2018-09-25 | Cisco Technology, Inc. | System for a secure encryption proxy in a content centric network |
US10063414B2 (en) | 2016-05-13 | 2018-08-28 | Cisco Technology, Inc. | Updating a transport stack in a content centric network |
US10103989B2 (en) | 2016-06-13 | 2018-10-16 | Cisco Technology, Inc. | Content object return messages in a content centric network |
US10305865B2 (en) | 2016-06-21 | 2019-05-28 | Cisco Technology, Inc. | Permutation-based content encryption with manifests in a content centric network |
US10148572B2 (en) | 2016-06-27 | 2018-12-04 | Cisco Technology, Inc. | Method and system for interest groups in a content centric network |
US10009266B2 (en) | 2016-07-05 | 2018-06-26 | Cisco Technology, Inc. | Method and system for reference counted pending interest tables in a content centric network |
US9992097B2 (en) | 2016-07-11 | 2018-06-05 | Cisco Technology, Inc. | System and method for piggybacking routing information in interests in a content centric network |
JP6399606B2 (en) * | 2016-07-12 | 2018-10-03 | Necプラットフォームズ株式会社 | Video conference system and video conference method |
US10122624B2 (en) | 2016-07-25 | 2018-11-06 | Cisco Technology, Inc. | System and method for ephemeral entries in a forwarding information base in a content centric network |
US10069729B2 (en) | 2016-08-08 | 2018-09-04 | Cisco Technology, Inc. | System and method for throttling traffic based on a forwarding information base in a content centric network |
US10956412B2 (en) | 2016-08-09 | 2021-03-23 | Cisco Technology, Inc. | Method and system for conjunctive normal form attribute matching in a content centric network |
US10033642B2 (en) | 2016-09-19 | 2018-07-24 | Cisco Technology, Inc. | System and method for making optimal routing decisions based on device-specific parameters in a content centric network |
US10212248B2 (en) | 2016-10-03 | 2019-02-19 | Cisco Technology, Inc. | Cache management on high availability routers in a content centric network |
TWI688252B (en) * | 2016-10-03 | 2020-03-11 | 日商日本電氣股份有限公司 | Communication device, communication method and recording medium |
US10447805B2 (en) | 2016-10-10 | 2019-10-15 | Cisco Technology, Inc. | Distributed consensus in a content centric network |
US10135948B2 (en) | 2016-10-31 | 2018-11-20 | Cisco Technology, Inc. | System and method for process migration in a content centric network |
US10243851B2 (en) | 2016-11-21 | 2019-03-26 | Cisco Technology, Inc. | System and method for forwarder connection information in a content centric network |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2002135243A (en) * | 2000-10-20 | 2002-05-10 | Sony Corp | Data reproducing apparatus, data recording apparatus, data reproducing method, data recording method, list updating method and program providing medium |
WO2005052802A1 (en) * | 2003-11-25 | 2005-06-09 | Matsushita Electric Industrial Co.,Ltd. | Authentication system |
JP2007081953A (en) * | 2005-09-15 | 2007-03-29 | Toshiba Corp | Av equipment and its control method |
JP2008131557A (en) * | 2006-11-24 | 2008-06-05 | Matsushita Electric Ind Co Ltd | Video/audio output equipment, authentication processing method, and video/audio processing system |
Family Cites Families (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP4024419B2 (en) * | 1999-03-11 | 2007-12-19 | 株式会社東芝 | Unauthorized device detection device |
JP4045903B2 (en) | 2002-09-03 | 2008-02-13 | ソニー株式会社 | Information update method |
JP4418624B2 (en) * | 2002-12-17 | 2010-02-17 | パナソニック株式会社 | Encryption device and decryption device |
JP2005223504A (en) * | 2004-02-04 | 2005-08-18 | Sony Corp | Service providing server, information processor and data processing method, and computer program |
CN100397945C (en) * | 2004-11-19 | 2008-06-25 | 华为技术有限公司 | Method for preventing message from repeating and attacking under idle mode |
CN101227204A (en) * | 2007-01-17 | 2008-07-23 | 上海宇梦通信科技有限公司 | Method for searching district frequency |
US8259949B2 (en) * | 2008-05-27 | 2012-09-04 | Intel Corporation | Methods and apparatus for protecting digital content |
-
2010
- 2010-06-23 US US13/058,893 patent/US8613100B2/en active Active
- 2010-06-23 WO PCT/JP2010/004169 patent/WO2011001630A1/en active Application Filing
- 2010-06-23 JP JP2011520766A patent/JP5457451B2/en active Active
- 2010-06-23 CN CN201080002410.XA patent/CN102132521B/en active Active
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2002135243A (en) * | 2000-10-20 | 2002-05-10 | Sony Corp | Data reproducing apparatus, data recording apparatus, data reproducing method, data recording method, list updating method and program providing medium |
WO2005052802A1 (en) * | 2003-11-25 | 2005-06-09 | Matsushita Electric Industrial Co.,Ltd. | Authentication system |
JP2007081953A (en) * | 2005-09-15 | 2007-03-29 | Toshiba Corp | Av equipment and its control method |
JP2008131557A (en) * | 2006-11-24 | 2008-06-05 | Matsushita Electric Ind Co Ltd | Video/audio output equipment, authentication processing method, and video/audio processing system |
Also Published As
Publication number | Publication date |
---|---|
JP5457451B2 (en) | 2014-04-02 |
US20110145597A1 (en) | 2011-06-16 |
CN102132521B (en) | 2014-09-24 |
CN102132521A (en) | 2011-07-20 |
JPWO2011001630A1 (en) | 2012-12-10 |
US8613100B2 (en) | 2013-12-17 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP5457451B2 (en) | Data exchange processing device and data exchange processing method | |
JP4518058B2 (en) | Content transmission system, content transmission device, content transmission method, and computer program | |
US8984646B2 (en) | Content transmission device and content reception device | |
JP5614016B2 (en) | COMMUNICATION SYSTEM, COMMUNICATION DEVICE AND COMMUNICATION METHOD, COMPUTER PROGRAM, CONTENT PROVIDING DEVICE, AND CONTENT PROVIDING METHOD | |
JP5129886B2 (en) | Content encryption using at least one content prekey | |
JP4982031B2 (en) | Content transmission apparatus, content reception apparatus, content transmission method, and content reception method | |
JP2005005821A (en) | Content transmitting apparatus, content receiving apparatus, and content transmitting method | |
JP2007150846A (en) | Contents reproducing system | |
TW201334519A (en) | System and method for asset lease management | |
JP2009194860A (en) | Transmitter, receiver, content transmitting and receiving system, content transmitting method, content receiving method, and program | |
US20110113443A1 (en) | IP TV With DRM | |
US20090041424A1 (en) | Transmitting-side recording and reproducing apparatus, and receiving-side recording and reproducing apparatus | |
JP4910324B2 (en) | Information processing apparatus, information processing method, and computer program | |
JP2004328706A (en) | Transmitter, receiver, transmission control program and reception control program | |
JP2009060451A (en) | Transmission apparatus, reception apparatus, content transmission/reception system, content transmission method, content reception method and program | |
JP2006339900A (en) | Data transmitter, data receiver, data transmitting method, and data receiving method | |
JP4883199B2 (en) | Content transmission system, content transmission device, content transmission method, and computer program | |
JP4095634B2 (en) | COMMUNICATION DEVICE, DIGITAL TELEVISION DEVICE, AND COMMUNICATION DEVICE CONTROL METHOD | |
JP2007034903A (en) | Information processor, information processing method and computer program | |
US20100085965A1 (en) | Content transmitting method and apparatus | |
JP4564572B1 (en) | Transmission device, reception device, and content transmission / reception method | |
JP4956845B2 (en) | Information processing apparatus, secret information protection system, and secret information protection method | |
JP6848013B2 (en) | Content transmission device and its content transmission method | |
JP4736603B2 (en) | Information communication apparatus, information communication method, and computer program | |
JP5177238B2 (en) | Content transmitting apparatus and content transmitting method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
WWE | Wipo information: entry into national phase |
Ref document number: 201080002410.X Country of ref document: CN |
|
WWE | Wipo information: entry into national phase |
Ref document number: 13058893 Country of ref document: US |
|
ENP | Entry into the national phase |
Ref document number: 2011520766 Country of ref document: JP Kind code of ref document: A |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 10793804 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 10793804 Country of ref document: EP Kind code of ref document: A1 |